6

Recently I posted a guide detailing how to install OMD (Open Monitoring Distribution) on Ubuntu 14.04. Part of OMD is the Check_MK network monitoring platform. I consider it the best available in the Open Source world. Check_MK supports monitoring VMware ESXi hosts, as well as vSphere servers. It uses the vSphere API to communicate with the host, so it’s able to pull much more data than SNMP. It’s not exactly a very intuitive process to get an ESXi host added to Check_MK, but it’s very easy if you know what to do. The documentation available is sub par, at best. So, I’m going to change that! This guide applies to all versions of ESXi 5 or later. So, ESXi 5, 5.1, 5.5 and 6.

Many necessary administrative functions on ESXi requires SSH access. For example, offline bundles, third party management utilities, backup utilities, and many other tasks require you to log in to the ESXi console, via SSH or physically. This post will guide you through the process of enabling the SSH service, and opening up the firewall to allow access. This process works on all versions of ESXi, including the newer versions such as 5, 5.5, and 6. Lets get started.

Enabling SSH on an ESXi host

There are two steps involved in getting SSH access set up on an ESXi host.

Enabling the SSH service

Opening port 22 (SSH port) on the firewall

First, log into the VMware vSphere Client. You can login directory to the host, or to a vSphere server, it doesn’t matter. Select the host in the left panel, then navigate to Configuration > Security Profile, once you are there, click on the Properties option to the right of Services.

SNMP isn’t exactly new technology, but it’s pretty reliable and just about every monitoring system out there supports it. There are definitely more in-depth monitoring solutions for ESXi out there, but if you are looking for a quick and dirty monitoring solution for an ESXi host to integrate into a platform you already have, SNMP will do the trick. This post describes how to setup SNMP on ESXi 5, 5.5, and 6. I’m fairly certain it will work on older versions of ESXi as well, but i have not tested that theory.

How to enable SNMP on ESXi 5 / 5.5 / 6

There are a few steps involved in getting SNMP functional on ESXi. They go something like this.

It a lab environment, and very limited production scenarios, it’s often very useful to open all ports, TCP and UDP, but only to certain IP addresses, subnets, or IP address ranges. I have found very little info on this specifically, so I thought I would whip up this guide so you know an easy way to open up all ports for specific addresses. This will work on VMware ESXi 5, 5.1 and 5.5 for sure, but it will most likely work for most versions of ESXi, although I have not tested it. Please let me know if the comments if you have luck on non 5.x versions, specifically 4.x and 6.x.

Basically, we are going to create 4 firewall rules, each does the following:

Open all UDP ports inbound (ports 1-60,000).

Open all UDP ports outbound (ports 1-60,000).

Open all TCP ports inbound (ports 1-60,000).

Open all TCP ports outbound (ports 1-60,000).

Once that’s done we’ll lock access down to a specific address(s) via the vSphere Client. First, go ahead and SSH into your ESXi host. Once you are at a command prompt you will need to edit /etc/vmware/firewall/service.xml. I prefer nano, but that’s not available on ESXi, so we have to use VI. First, lets make a backup of the file and change permissions so we can edit the file.

Now we have a backup of the service.xml file, called service.xml.bak. We have also allowed writes to service.xml and toggled the sticky bit. Lets go ahead and open service.xml with vi.

# vi /etc/vmware/firewall/service.xml

The service.xml file is the main template for firewall rules, specifically pertaining to ports. It is what populates all of the available information on the Security Profile > Firewall tab in the vSphere Client. It is here we are going to add our four rules. If you are unfamiliar with vi, it can be a big confusing. Here are some pointers for you:

When you first enter vi, you cannot manipulate any text. to do so, hit the “i” key. This puts you in “insert” mode.

Once selecting “i” you can move about freely and add/edit at will.

After making all needed changes, press the “ESC” key, the “:” – This puts you in vi command mode.

At the “:” prompt, enter “w” (for write) and q (for quit) and then press enter. So it should look like this :wq

This morning I got an email from the datacenter that informed me of a loud alarm coming from one of my servers. I knew right away it was the LSI card sounding off due to a hard drive failure. Since I almost always use RAID 10 in critical arrays, I was more annoyed than concerned. So, off to the datacenter I went, new drive in hand. While diagnosing the issues, I realized there is no out-of-the-box way to be notified of a drive failure within ESXi. As far as I could tell, everything was fine, except for an audible alarm I would have never heard.

The RAID card in this particular server is an LSI 9260-8i, however this guide is the same for all of the 92xx series cards, like the 9265-8i, or 9265-16i. VMware includes drivers for these cards, starting in ESXi 5.1 if I remember correctly. However, there is no health data for drives and no management interface for arrays. After a couple google searches, I quickly found that there is a lot of conflicting information and tons of problems that go along with installing the LSI MegaRAID Manager, MSM, on ESXi. I also ran into some problems. So, I thought I would put together a quick, easy, clear guide to save others the hassle of going through what I went through. So, here we go.

How to install MSM on ESXi 5.5

To complete this process, you will have to put your ESXi host into maintenance mode, and you will have to reboot. So make sure your VMs are all shut down before proceeding.